Authors: Kendall Comeaux, Trevor Spinosa, Ali Ghosn and Ibrahim Baggili

DFRWS EU 2026

Abstract

Artificial intelligence (AI) companion applications have emerged as a new class of conversational systems that blur the line between entertainment, intimacy, and sensitive personal data collection. Their rapid adoption and reliance on opaque cloud infrastructures create novel challenges for digital forensics, yet systematic analysis of these platforms has been limited in both academic and practitioner communities. In this paper, we present a cross-application forensic study of leading AI companion applications, combining device acquisition, network interception, and file system analysis within a rooted Android emulator to ensure reproducibility. We developed custom tools to extract and correlate artifacts such as plain-text conversation logs, authentication tokens, profile data, and hidden API calls. We also characterized third-party tracking, session management, and basic encryption, enabling automated forensic user-profile generation. Our evaluation across six applications, representing over 25 million combined downloads, reveals that sensitive user information is often retained locally, transmitted via undocumented APIs, and inconsistently protected by safeguard mechanisms, with cross-app identifiers sometimes enabling correlation of user activity. These findings demonstrate both the evidentiary potential and the privacy risks of AI companions, and offer initial guidance for evidence preservation and lawful access, while laying the groundwork for standardized forensic methodologies in this emerging domain.
